Microsoft defender for endpoint — cloud workflow guide (elastic#3476)

benironside · florent-leborgne · naemono · commit b7b25115585f · 2025-10-28T08:44:08.000-05:00
Fixes elastic#3183 by adding a guide about how to get data from MSD for Endpoint to appear in our contextual cloud security workflows. --------- Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
diff --git a/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md
@@ -0,0 +1,23 @@
+---
+applies_to:
+  stack: all
+  serverless:
+    security: all
+products:
+  - id: security
+  - id: cloud-serverless
+---
+
+# Microsoft Defender for Endpoint
+
+This page explains how to make data from the Microsoft Defender for Endpoint integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
+
+
+In order for Microsoft Defender for Endpoint data to appear in these workflows:
+
+* Follow the steps to [set up the Microsoft Defender for Endpoint integration](https://www.elastic.co/docs/reference/integrations/microsoft_defender_endpoint).
+* Make sure the integration version is at least 3.0.0.
+* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`.
diff --git a/solutions/toc.yml b/solutions/toc.yml
@@ -685,7 +685,7 @@ toc:
               - file: security/cloud/integration-rapid7.md
               - file: security/cloud/integrations/aws-config-integration.md
               - file: security/cloud/integrations/microsoft-defender-for-cloud.md
-
+              - file: security/cloud/integrations/microsoft-defender-for-endpoint.md
               - file: security/cloud/integrations/microsoft-defender-xdr.md
               - file: security/cloud/integrations/google-security-command-center.md
       - file: security/investigate.md
